Hider is a lightweight ExpressionEngine add-on for safely encoding and decoding short pieces of data (like filenames, download URLs, or identifiers). It uses a rotating encryption key that automatically changes every 24 hours, making links short-lived and secure—perfect for expiring download links, temporary report access, or tokenized embeds.

✨ Features

• 🔒 Secure Encryption — Uses modern XChaCha20-Poly1305 authenticated encryption.
• 🔁 Daily Rotating Key — Keys rotate every 24 hours, with a built-in grace period for previously issued links.
• ⏱ Expiring Tokens — Each encoded value includes its own expiration (defaults to 1 hour).
• 🌐 URL-Safe — Encoded output is safe to use in query strings or path segments.
• 🧩 Simple Tag Pair Syntax — Works directly in templates with {exp:hider:encode} and {exp:hider:decode}.

🧱 Installation

1. Copy the folder
   Place the hider add-on folder into your system/user/addons/ directory (so you’ll have system/user/addons/hider/).
2. Install through ExpressionEngine
   
   • Go to Developer → Add-ons in your EE Control Panel.
   • Find Hider in the list and click Install.
3. That’s it!
   The add-on will automatically generate and cache its daily encryption key on first use.

🧩 Template Tags

Encode

Encodes a value into a URL-safe, expiring token.

    {exp:hider:encode}
        String goes here
    {/exp:hider:encode}

For example

https://example.com/my/reports/{exp:hider:encode}q3-summary.pdf{/exp:hider:encode}

This returns an encrypted string you can safely include in URLs, for example:

https://example.com/my/reports/biglongobnoxiousstringthatnoonecanreadnotevenyou

Decode

Decodes a token and returns the original value.

{exp:hider:decode}{segment_3}{/exp:hider:decode}

If the token is invalid or expired, it will output:

Sorry, filename is invalid. Please go back and try again.

⚙️ How It Works

• Each token is encrypted with a daily rotating key, stored securely in the EE cache.
• Tokens include:
  
  • The original value (your string)
  • An expiration timestamp (defaults to 1 hour)
  • The key ID (so it knows which daily key to use)
• Decrypting automatically validates expiration and integrity.
• This means tokens are valid for about a day, even during key rotation, but typically expire after one hour.

📚 Documentation & Support

• Docs: http://docs.triplenerdscore.net/project/hider
• Support & Issues: https://github.com/dougblackjr/tns-ee-addons

🧠 Author

tripleNERDscore Building helpful, modern tools for ExpressionEngine and the web.